New Android Malware Most Powerful Yet

by John Lister on January 17, 2018 at 01:01PM EST

A newly discovered malware exploit offers hackers an incredible level of control and access. Fortunately, the creators appear to be choosing their victims very selectively, though it's still a threat to ordinary users.

Dubbed Skygofree, the malware affects users of the Android smartphone operating system. It is said to give the people behind the malware the ability to remotely carry out 48 different operations on an infected phone. These include targeted controls not previously seen, as well as more common malware exploitations.

Some of the 'normal' options for the malware creators include the ability to track a user's location through the phone's GPS, access their calendar, read text messages, and examine photos and videos shot on the device.

Malware Turns Microphone Into Spy Device

Skygofree also offers some capabilities that have until now only been theoretical.

For example, the hackers can not only set the phone to record nearby audio with the microphone, but can also set this to only happen when the victim is in a specific location. That makes it much more practical to eavesdrop on particular conversations without needing to worry about wading through hours upon hours of audio. (Source: zdnet.com)

The malware also allows the attackers to set the phone so that it automatically connects to a particular WiFi network. That means the attackers could get within range of a victim with a portable WiFi hotspot, automatically switch the connection to the rogue WiFi, then eavesdrop on the user's activity.

Victims May Not Be Random

Another new capability is the ability to read messages sent and received on the WhatsApp service via the phone itself. The hack takes advantage of a bug in the tools that help people with disabilities use a phone. Some users rely on WhatsApp for confidential messages, as the data is encrypted while traveling over the Internet, meaning law enforcement agencies and governments have no way to access it.
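As an added example (not part of the original article or of Kaspersky's analysis), the sketch below triages an app inventory for the capability combinations described above: microphone plus location, WiFi control, text message access, and an enabled accessibility service. It assumes the "tools that help people with disabilities" are Android's accessibility services, that the enabled list was collected with `adb shell settings get secure enabled_accessibility_services`, and that each app's requested permissions were gathered separately; all package names and sample data are constructed.

```python
# Added example: triage an Android app inventory for the capability
# combinations the article describes. All sample data below is constructed.
P = "android.permission."

# Each rule fires only when an app requests every permission in its set.
RULES = {
    "location-triggered audio": {P + "RECORD_AUDIO", P + "ACCESS_FINE_LOCATION"},
    "WiFi network switching": {P + "CHANGE_WIFI_STATE"},
    "text message access": {P + "READ_SMS"},
}

def parse_accessibility_setting(value):
    """Packages named in the colon-separated 'package/ServiceClass' list
    printed by `settings get secure enabled_accessibility_services`."""
    value = value.strip()
    if not value or value == "null":  # "null" is printed when unset
        return set()
    return {item.split("/", 1)[0] for item in value.split(":") if item}

def triage(inventory, accessibility_value, trusted=frozenset()):
    """Return {package: [findings]} for untrusted apps, most findings first."""
    a11y = parse_accessibility_setting(accessibility_value)
    report = {}
    for pkg, perms in inventory.items():
        if pkg in trusted:
            continue
        findings = [name for name, need in RULES.items() if need <= set(perms)]
        if pkg in a11y:
            findings.append("accessibility service enabled")
        if findings:
            report[pkg] = findings
    return dict(sorted(report.items(), key=lambda kv: -len(kv[1])))

# Constructed sample: hypothetical package names, not real indicators.
SAMPLE_A11Y = ("com.example.screenreader/.ReaderService:"
               "com.example.carrier.update/.HelperService")
SAMPLE_INVENTORY = {
    "com.example.screenreader": [],
    "com.example.carrier.update": [P + "RECORD_AUDIO", P + "ACCESS_FINE_LOCATION",
                                   P + "CHANGE_WIFI_STATE", P + "READ_SMS"],
    "com.example.voicememo": [P + "RECORD_AUDIO"],
    "com.example.maps": [P + "ACCESS_FINE_LOCATION", P + "CHANGE_WIFI_STATE"],
}

if __name__ == "__main__":
    trusted = {"com.example.screenreader"}
    for pkg, findings in triage(SAMPLE_INVENTORY, SAMPLE_A11Y, trusted).items():
        print(pkg, "->", ", ".join(findings))
```

Many legitimate apps request these permissions individually, so a finding is a prompt to review the app rather than a verdict; the app that is not on the trusted list yet combines several findings with an enabled accessibility service is the one to look at first.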

The malware appears to be spread through bogus websites that closely resemble those of genuine companies, such as mobile phone service providers.

The good news for most users is that analysis of the malware by Kaspersky Labs suggests the creators are not only concentrating on users in Italy but, given the nature of the capabilities, are likely targeting specific individuals. This could be for corporate espionage or political spying. (Source: arstechnica.com)

What's Your Opinion?

Are you surprised mobile malware has got so powerful? Are you concerned that other would-be hackers might get hold of the technology? Do you consider Android a bigger security risk than other mobile systems?

Comments

While this malware is sophisticated in that it is able to spy during certain times and automatically switch the user to a rogue network - this is not surprising or as "high tech" as it may seem. It is simply a matter of using existing capabilities of the smartphone and redirecting the phone to do so on command.

The fact that this malware has the ability to make such decisions underscores what can happen if a phone was even infected due to an exploit in the operating system (and presumably rooted).

Rooting a phone means to take ownership of the phone using administrator (super user) access. This is nothing new on Windows operating systems, for example, which is why it's important to (a) use only Windows operating systems that are currently supported such as Windows 7, 8 and 10 - and to make sure that they are patched and up to date. The same thing applies for any smartphone, tablet, PC, laptop, etc.

If the malware managed to root the phone, it also means the malware could possibly be installed as a rootkit. In other words, the malware would operate without the operating system or antivirus being able to detect it. You could use something like Malwarebytes Anti-Malware to scan the phone but it may not find it for the same reasons I just mentioned. Another option would be to reset the phone and that would hopefully get rid of it, providing the malware doesn't embed itself into the files that are used to reset your device. In that case you would have to download firmware from a reliable source and flash your phone - that is not an easy feat by any means - or take it to a phone center that could do it for you.

Being able to make changes to files on the phone in the manner you describe (scanning the phone using a computer, then having the antivirus on the computer change / delete files on the phone) would be similar to rooting a phone. It would not be allowed because the virus would likely be in use in the phone's memory. You would have to scan the phone using the phone's operating system. For deeply rooted issues you would have to reset the phone.

I'm thinking since Kaspersky offers a non-free Android security app, this is an attempt to sell Android users on Kaspersky security products. There are other tech posts online which suggest this report is "malarkey". Users would have to be pretty stupid to go to the sites Kaspersky has listed so far. These are not major carrier sites. And users would have to deliberately click on things and fill out forms to get infected. According to Computerworld's Steven J. Vaughan-Nichols, "...there’s no way you can get Skygofree unless you are an idiot."